Network Security

Resolved! crypto map Outside_map 1 set nat-t-disable

Hi everyone, Need to know for site to site l2l ipsec tunnels below config crypto map Outside_map0 7 set nat-t-disable Will disable the NAT for traffic going from one side of tunnel to another and vice versa? Regards Mahesh

Resolved! Not able to ping inside interface from outside

Hi, I'm trying to stimulate a new network as the topology diagram below: Topology However I encounter some problem: From ASA: I can ping back to : 192.168.200.1 ( Site_RTR IP, int fa0/1) 192.168.200.2( ASA vlan interface IP, outside interface) 10.1...

Resolved! ASA conversion from 8.2 to 9.1

Hi Everyone, I configured and converted ASA from 8.2 to 9.1 In 9.1 i do see config like asdm location 10.0.0.0 255.0.0.0 Inside Need to know should i remove this config? Also what is use of this config? Secondly in 8.2 i have this config vpn-tunne...

Resolved! Creating multiple l2l tunnes on single interface

Hi everyone, I need to create 5 ipsec l2l tunnels to remote sites. Need to confirm i can only use single ASA physical interface to do this? Regards MAhesh

Resolved! ASDM & AnyConnect not working after 9.1.7 upgrade

Hello, We have an ASA 5510 that was running stable on 9.1(5)21 with ASDM 7.3.2. After upgrading to 9.1.7 and ASDM 7.5.2-153 per CVE-2016-1287 from Cisco we are seeing issues with users being able to connect using AnyConnect or the SSL WebVPN and we...

cisco-sa-20160210-asa-ike advisory ACL question

Hello. I have a question regarding interface ACL's and IPsec VPN tunnels that was prompted by this advisory. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike A VPN connection has many traffic component...

CVE-2016-1287 workaround

Hi everyone, Just wondering if I could tackle this vuln using an ACL allowing only IKE1/2 traffic for selected VPN peers. Would that block any UDP crafted packets from getting through the ASA ipsec engine? Awaiting your comments, Theo.

Resolved! ASA 5506 NAT issues.

Hi there... I have recently installed a 5506 at a customer WHO has two servers that needs NAT. One of them is a web server on a DMZ and i have enabled NAT with a public ip on src: DMZ, dest.:OUTSIDE. Also i have made two access rules that allows OUT...

PBR on Cisco WS-C3850-48T L3 switch performance impact?

We have Cisco WS-C3850-48T L3 switch and i am going to configure PBR on it, does anyone know what could be the impact? If i apply policy to specific interface then PBR will only apply on that specific interface traffic right? it won't apply on global...

Please Explain the Product Code

Hello, can someone please explain to me what the Product code L-ASAV5S-STD-8 means? What does 8-pack mean (8 Users, 8 Hosts, 8 Ports,...)? I would like to set up a virtual lab for Proof of concepts, Testing and Troubleshooting. I'm just a freelanc...

Resolved! WCCP on ASA restricted to Inside interface only

Hi, I recall reading wccp can only redirect to the ASA inside. On the new 5506 that have no switch ports, this creates an issue where a webfilter was directly connected previously and obviously cannot now. Is that wccp restriction truly only insid...

Resolved! Port forwarding with PAT on 5505

Hey guys, I'd like some help with port forwarding on a 5505 running 9.2(4) code. I'm trying to forward requests on port 80 on my outside, ISP provided IP to port 8000 on an internal server. Everything inside the ASA is PATing on the outside address. ...

Using Public and Private certificates on "Outside" interface of ASA

We have external customers that access to our ASA public "outside" IP to reach web servers within our DMZ . Trust is enabled with public certificates assigned on the "outside" interface. We also have external employees that need to connect to this s...

Resolved! URL Filtering By Schedule

Hi all, Please is there any solution, how to block a website on specific time (for example only between 12:00PM and 14:00PM, we can open a specific website, after this time it becomes blocked) Thanks in advance

How to open .SH File for Firesight Management Center Virtual Appliance

Hi Team, I have downloaded the Firesight Management Center Virtual file but I can´t open it. The extension is ¨.SH¨ as you can see in fhe following information that I´ve obtained from Cisco.com web page: Cisco FireSIGHT Management Center Patch So...

Network Security

Forum Posts

Resolved! crypto map Outside_map 1 set nat-t-disable

Resolved! Not able to ping inside interface from outside

Resolved! ASA conversion from 8.2 to 9.1

Resolved! Creating multiple l2l tunnes on single interface

Resolved! ASDM & AnyConnect not working after 9.1.7 upgrade

cisco-sa-20160210-asa-ike advisory ACL question

CVE-2016-1287 workaround

Resolved! ASA 5506 NAT issues.

PBR on Cisco WS-C3850-48T L3 switch performance impact?

Please Explain the Product Code

Resolved! WCCP on ASA restricted to Inside interface only

Resolved! Port forwarding with PAT on 5505

Using Public and Private certificates on "Outside" interface of ASA

Resolved! URL Filtering By Schedule

How to open .SH File for Firesight Management Center Virtual Appliance

Congratulations to the July 2023 Spotlight Award winners!

Renew.cisco.com just got refreshed, and it will make your life easier!

Announcing Resources That Guide You to Success

Firepower 1140 ASA multicast DNAT support

Why are NFS connections centralized in ASA/FTD cluster?

思科ASA防火墙型号ASA5555-X版本升级和ADSM的客户端管理软件升级版本可以确定一下吗，各位大佬

Cisco Secure Workload - Rehoming Agents from On-Prem to SaaS

Application Filtering for Office365

ISE Identity services Engine

ASA 5525-x smartnet contract & licensing

Cisco Firepower 1120 can do virtual firewall?

Is there a way to migrate from FMC to cdFMC?

switching a Firepower 1120 failover active/standby into multi context